05 Jun The Future of Autonomous Mitigation

The world’s most secure networks leverage the combined strengths of multiple technologies.
Their goal is a multi-layered approach: a combined solution that is stronger and more resilient than any of its individual components.

This document discusses each of the four key technologies, providing both summary information and the detail behind each capability, its limitations and contributing strengths.

There are four key technologies: monitoring, scanning, configuration auditing and SIEM.

Each technology is architecturally designed for one specific area of expertise. The technologies are complementary: each has a strength that none of the others can adequately provide.

Monitoring – Live Activity Detection

Scanning – Network Discovery

Configuration Auditing – Granular Accuracy

SIEM Systems – Collating the Big Picture

Monitoring: Provides a “Live View” of current activity on your security systems. For simplicity, monitoring here includes any technology that sits on your network and watches system or network activity: email gateways, web filtering, IPS and firewalls. Monitoring systems shine at detecting active attacks or malicious activity as it happens; they report what is occurring, not what is exposed or misconfigured, which is what scanning and configuration auditing add.

Scanners: Provide a “Helicopter View” of your security systems. They lead with discovering what is on your network, and then produce security insights from an external vantage point by generating their own security data: they interrogate, attack or exploit systems to produce raw results, which they then analyze and extrapolate into meaningful findings.

SIEM solutions: Provide the “Executive Summary” of your current security risks by refining key information from different technologies and data sources into a single, unified “big picture”.
They are particularly beneficial for large enterprises, as they offer a way of viewing security, risk and compliance issues across volumes of data that would otherwise be overwhelming.

Future SIEM solutions may also provide the interface for autonomous mitigation solutions:
the next generation of network defense systems, predicted to be “self-healing”.
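The following is an added example, not code from the original page or from any SIEM product, of what “collating the big picture” looks like in practice: records from the three granular sources described above (monitoring alerts, scan findings and configuration-audit results) are normalised into one shape, grouped per host, and ranked. The input records are constructed sample data, and their field names and the scoring rule (worst single finding plus a bonus for every additional technology that independently reports the same host) are assumptions made for this illustration.

```python
"""Correlating monitoring alerts, scan findings and configuration-audit results per host.

Added illustration, not code from the original page or any SIEM product.  The three
input lists are constructed sample records; their field names and the scoring rule
are assumptions made for this example."""

from dataclasses import dataclass, field

# Constructed sample output from the three "granular" technologies the page names.
# Each technology has its own record shape, which is the first thing a SIEM must reconcile.
MONITORING_EVENTS = [  # live view: IPS and firewall
    {"tool": "ips", "host": "10.0.0.5", "detail": "SMB exploit attempt", "severity": 8},
    {"tool": "firewall", "host": "10.0.0.5", "detail": "deny tcp/445 inbound", "severity": 2},
    {"tool": "firewall", "host": "10.0.0.7", "detail": "deny tcp/22 inbound", "severity": 2},
]
SCAN_FINDINGS = [  # helicopter view: what is exposed from the outside
    {"host": "10.0.0.5", "port": 445, "finding": "SMBv1 enabled", "severity": 7},
    {"host": "10.0.0.9", "port": 80, "finding": "outdated web server banner", "severity": 4},
]
CONFIG_AUDIT_RESULTS = [  # granular accuracy: settings checked on the host itself
    {"host": "10.0.0.5", "check": "smb_signing_required", "result": "fail", "severity": 5},
    {"host": "10.0.0.7", "check": "ssh_root_login_disabled", "result": "pass", "severity": 0},
    {"host": "10.0.0.9", "check": "http_redirects_to_tls", "result": "fail", "severity": 6},
]


@dataclass
class HostSummary:
    host: str
    technologies: set = field(default_factory=set)  # which of the three perspectives saw it
    findings: list = field(default_factory=list)    # (technology, tool, detail, severity)
    risk: int = 0


def normalise(monitoring, scans, audits):
    """Map each source's records onto one shape: (host, technology, tool, detail, severity)."""
    for e in monitoring:
        yield e["host"], "monitoring", e["tool"], e["detail"], e["severity"]
    for f in scans:
        yield f["host"], "scanning", "scanner", f"tcp/{f['port']}: {f['finding']}", f["severity"]
    for a in audits:
        if a["result"] == "fail":  # passing checks carry no risk, so they are not findings
            yield a["host"], "config_audit", "auditor", f"{a['check']} failed", a["severity"]


def correlate(monitoring, scans, audits, corroboration_bonus=3):
    """Build one summary per host and rank hosts by risk.

    Score = worst single finding + bonus for every additional technology that
    independently reported the host.  Agreement between a live alert, an exposed
    service and a failed configuration check is the signal no single tool produces
    on its own.  (The scoring rule is an assumption made for this example.)
    """
    hosts = {}
    for host, technology, tool, detail, severity in normalise(monitoring, scans, audits):
        summary = hosts.setdefault(host, HostSummary(host))
        summary.technologies.add(technology)
        summary.findings.append((technology, tool, detail, severity))
    for summary in hosts.values():
        worst = max(sev for *_, sev in summary.findings)
        summary.risk = worst + corroboration_bonus * (len(summary.technologies) - 1)
    return sorted(hosts.values(), key=lambda s: (-s.risk, s.host))


def executive_summary(summaries, min_risk=5):
    """Return the big-picture lines a SIEM would show: only hosts above a risk floor."""
    return [
        f"{s.host}: risk {s.risk}, seen by {', '.join(sorted(s.technologies))}, "
        f"{len(s.findings)} finding(s)"
        for s in summaries
        if s.risk >= min_risk
    ]


if __name__ == "__main__":
    ranked = correlate(MONITORING_EVENTS, SCAN_FINDINGS, CONFIG_AUDIT_RESULTS)
    for line in executive_summary(ranked):
        print(line)
```

With the sample data, 10.0.0.5 rises to the top not because any one alert is decisive but because all three perspectives agree on it, while 10.0.0.7, which only produced a routine firewall deny and passed its audit, stays below the reporting floor. That corroboration across independent sources is the value the page attributes to SIEM, and it is also the kind of ranked, per-host signal an autonomous mitigation system would need as input.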

Technology Strengths
Multi-layered defenses combine the strengths of each technology into a solution that is stronger and more resilient than its individual components. To be effective, this solution requires two complementary security perspectives: the “helicopter view” produced by scanning technology, balanced by the “granular view” of monitoring and configuration auditing.

Each technology is explained in more detail later in this document.

Disclaimers
As we are discussing the “most secure” networks in the world, we will talk about the most applicable technologies in each area. This document covers advanced monitoring and scanning tools, intelligent configuration auditing systems and market-leading SIEM solutions.

For reference there are two types of configuration auditing technologies:

Not Covered
Although building a secure, intelligent architecture is essential, technology alone will not create a secure network; there are other vital components. Industry best practices, user training, behavioural analytics, policies, procedures and compliance standards are not covered in this document, but should also be incorporated into your security ecosystem and practices.